1. OBJECTIVE OF THE RISK POLICY

The objective of the risk policy is to ensure that a strategic plan is developed that assists 
management to make informed decisions which will: 

■ Improve the municipality’s performance on decision making and planning; 

■ Promote a more innovative, less risk averse culture in which the taking of calculated risks 
in pursuit of opportunities to benefit the municipality is encouraged; 

■ Provide a sound basis for integrated risk management and internal control as components 
of good corporate governance; 

■ Promote a reporting system which will facilitate risk reporting; and 

■ Promote an effective culture of risk assessment. 

The improvements and benefits which effective Risk Management should provide are: 

■ An increased likelihood of achieving the municipality’s aims, objectives and priorities; 

■ Prioritising the allocation of resources; 

■ Giving an early warning of potential problems; and 

■ Providing key officials with the skills to be confident risk takers. 


2. APPLICABLE LEGISLATIVE FRAMEWORK 

2.1. Accounting Officer 

Section 62 (1) (c)(i) of the MFMA requires that: 

"(1) The accounting officer of a municipality is responsible for managing the financial 
administration of the municipality, and must for this purpose take all responsible steps to ensure - 
(c) that the municipality has and maintains effective, efficient and transparent systems - 

• (i) of financial and risk management and internal control." 

2.2. Management, Other Personnel, Chief Risk Officer, Risk Champions 

The extension of general responsibilities in terms of Section 78 of the MFMA to all senior 
managers and other officials of municipalities implies that responsibility for risk 
management vests at all levels of management and that it is not limited to only the 
accounting officer and internal audit. 



2.3. Internal Auditors 


Section 165 (2) (a), (b)(iv) of the MFMA requires that: 

"(2) The internal audit unit of a municipality or municipal entity must 

(a) prepare a risk based audit plan and an internal audit program for each financial year; 

(b) advise the accounting officer and report to the audit committee on the implementation of the 
internal audit plan and matters relating to: 

• (iv) risk and risk management." 

Section 2110 - Risk Management of the International Standards for the Professional Practice of 
Internal Auditing states: 

"The internal audit activity should assist the organisation by identifying and evaluating 
significant exposures to risk and contributing to the improvements of risk management and 
control systems. 

2110.A1 - The internal audit activity should monitor and evaluate the effectiveness of the 
organisation's risk management system. 

2110.A2 - The internal audit activity should evaluate risk exposures relating to the 
organisation's governance, operations, and information systems regarding the: 

• Reliability and integrity of financial and operational information; 

• Effectiveness and efficiency of operations; 

• Safeguarding of assets; 

• Compliance with laws, regulations, and contracts. 

2110.C1 - During consulting engagements, internal auditors should address risk consistent with 
the engagement's objectives and be alert to the existence of other significant risks. 

2110.C2 - Internal Auditors should incorporate knowledge of risks gained from consulting 
engagements into the process of identifying and evaluating significant risk exposures of the 
organisation." 

2.4. Audit Committee 

Section 166 (2) of the MFMA states: 

"(2) An audit committee is an independent advisory body which must - 
(a) advise the municipal council, the political office-bearers, the accounting officer and the 
management staff of the municipality, or the board of directors, the accounting officer and 
management staff of the municipal entity, on matters relating to - 


(a) risk management." 



3. KEY DEFINITIONS 

For the purpose of this policy, the following words will be defined as follows: 


Term 

Explanation 

Risk Management 

Risk Management can be defined as the identification and 
evaluation of actual and potential risk areas as they pertain to 
the municipality as a whole, followed by a process of either 
termination, transfer, acceptance (tolerance) or mitigation of 
each risk. 

Risk 

A risk is something which could: 

• Have an impact by not taking opportunities or not 
capitalising on corporate strengths, 

• Prevent, influence the achievement of the set 
objectives, 

• Cause financial disadvantage, i.e. additional costs or 
loss of money or assets, or 

• Result in damage to or loss of an opportunity to 
enhance the municipality’s reputation. 

Risk Assessment 

The overall process of risk analysis and evaluation. 

Risk Management Process 

The systematic application of management policies, 
procedures and practices to the tasks of establishing the 
context, identifying, analyzing, treating, monitoring and 
communicating risks. 

Controls 

These are the existing processes, devices, practices or other 
actions that act to minimize negative risks or enhance 
opportunities. 

Risk Register 

This is a documented record of each risk identified. It specifies 
a description of the risk, its causes and its impacts; an outline 
of the existing controls; an assessment of the consequences of 
the risk should it occur and the likelihood of the consequence 
occurring, given the controls; a risk rating and an overall 
priority for the risk. 

Impact 

This may be defined as the effect on a business process 
resulting in potential loss or service delivery failure should 
a risk arise. 

Likelihood 

This may be defined as the probability that an adverse event, 
which could cause a risk to arise, may occur. 

Types of Risk: 

• Financial/Budget Risk: Overspend, run out of money, failure to pay, etc. 

• Performance Risk: Lack of skills and delivery leads to termination. 

• Political Risk: Stakeholder unhappiness e.g. Communities. 

• Legal Risk: Moneys not utilized according to regulations. 

• Audit Risk: Qualified audit reports reflect very badly on management’s 
performance. 

• Organisational Risk: Lack of skill, succession, capacity, training. 

• Reputation Risk: Branding of the municipality, external image to the 
community. 

Risk Appetite 

Risk appetite looks at how much risk the municipality is 
willing to accept. There can still be deviations that are within 
a risk appetite. 

Risk Tolerance 

Risk tolerance is the willingness of some person or some 
organization to accept or avoid risk. Risk tolerance looks at 
acceptable/unacceptable deviations from what is expected. 


4. Risk Management Principles 

4.1 The principles contained in this Policy and Strategy will be applied at both corporate and 
operational levels within the municipality. 

4.2 The municipality’s Risk Management Policy and Strategy will be applied to all operational 
aspects of the Municipality and will consider external strategic risks arising from or related to 
other government municipalities and the public, as well as wholly internal risks. 

4.3 Our positive approach to risk management means that we will not only look at the risk of 
things going wrong, but also the impact of not taking opportunities or not capitalising on 
corporate strengths. 

5. General Principles 

5.1 All risk management activities will be aligned to corporate aims, objectives and the 
municipality’s priorities, and will aim to protect and enhance the reputation and standing of the 
municipality. 

5.2 Risk analysis will form part of the municipality’s strategic planning, business planning and 
investment/project appraisal procedures. 

5.3 Risk management will be founded on a risk-based approach to internal control which will be 
embedded into the day-to-day operations of the municipality. 

5.4 Managers and staff at all levels will have the responsibility to identify, evaluate and manage 
or report risks. 

5.5 Our risk management approach will inform and direct our work to gain an assurance on the 
reliability of the municipality’s systems. 

5.6 We will foster a culture which provides for spreading best practice, lessons learned and 
expertise acquired from our risk management activities across the municipality for the benefit 
of the entire municipality. 

6. Principles for Managing Specific Risks 

6.1 Risk Management in the municipality should be proactive and reasoned. Corporate and 
operational risks should be identified, objectively assessed, and actively managed. 

6.2 The aim is to anticipate, and where possible, avoid risks rather than dealing with their 
consequences. However, for some key areas where the likelihood of a risk occurring is 
relatively small, but the impact is high, we may cover that risk by developing Contingency 
Plans. For example, we must develop Business Continuity Plans and/or Disaster Recovery 
Plans. This will allow us to contain the negative effect of unlikely events which might occur. 

6.3 In determining an appropriate response, the cost of control/risk management, and the impact 
of risks occurring will be balanced with the benefits of reducing and/or managing risk. This 
means that we should not necessarily set up and monitor controls to counter risks where the 
cost and effort are disproportionate to the impact or expected benefits. 

6.4 We also recognise that some risks can be managed by transferring them to a third party, for 
example by contracting out or by insurance. 

7. RISK MANAGEMENT STRATEGY 

The roles and responsibilities of all stakeholders are clearly defined in the approved risk 
management strategy. 


8. RISK MANAGEMENT FRAMEWORK 

The risk management process is clearly defined in the risk management framework. 

9. Monitoring and Review 

The Risk Management Unit, in consultation with the Accounting Officer, will coordinate an annual 
review of the effectiveness of this policy as well as all organizational risks, uninsured and 
uninsurable risks together with the key managers in the municipality. This annual review will 
take place immediately prior to the development of the annual business and integrated 
development plans. 



Internal Audit will monitor key controls identified in the risk management system as part of the 
audit plan developed in conjunction with the Accounting Officer, Senior Manager Internal Audit 
and Risk Management and approved by the Audit Committee. 

The municipality will review the risk profile in developing their recommendation to the Council 
regarding the municipality’s risk profile, policy, charter, strategy and framework. 



